This shows you the differences between two versions of the page.
other:ldap [2021/04/03 21:27] nanodano |
other:ldap [2021/04/03 22:04] (current) nanodano [web2ldap] |
||
---|---|---|---|
Line 88: | Line 88: | ||
</ | </ | ||
- | TODO: Setup certbot auto renew, | + | If you want to setup certbot |
+ | |||
+ | < | ||
+ | crontab -e # As root | ||
+ | |||
+ | # And add the following line to renew at 4:24am on 3rd day of month | ||
+ | 24 4 3 * * certbot renew --post-hook " | ||
+ | </ | ||
At this point you can use StartTLS on the ldap:// port. | At this point you can use StartTLS on the ldap:// port. | ||
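Review bot: The schedule in `24 4 3 * * certbot renew` runs the renewal once a month, so a single failed run (network outage, validation error) is not retried until the following month. `certbot renew` does nothing unless a certificate is close to expiry, so it is safe to schedule it daily instead. Consider `--deploy-hook` in place of `--post-hook` so the hook command runs only when a certificate was actually replaced, not after every renewal attempt. In the new sentence, "setup certbot" should read "set up certbot".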
Line 155: | Line 162: | ||
==== Apache Directory Studio ==== | ==== Apache Directory Studio ==== | ||
- | [[https:// | + | [[https:// |
+ | |||
+ | To add a new server connection, go to '' | ||
+ | Use Simple Authentication, | ||
+ | |||
+ | To add a user, right click on the top level object and add New Entry (Create from Scratch). | ||
+ | Give it two object classes: '' | ||
+ | Give it RDN of '' | ||
+ | |||
==== JXplorer ==== | ==== JXplorer ==== | ||
+ | |||
+ | [[http:// | ||
==== web2ldap ==== | ==== web2ldap ==== | ||
- | Libraries | + | [[https:// |
+ | |||
+ | To install it in Debian, | ||
+ | |||
+ | <code bash> | ||
+ | sudo apt install python3-venv rustc python3-dev libsasl2-dev libldap2-dev libssl-dev | ||
+ | python3 -m pip install web2ldap | ||
+ | </ | ||
+ | |||
+ | To run, it, simply invoke the script provided by the pip package: | ||
+ | |||
+ | <code bash> | ||
+ | web2ldap | ||
+ | </ | ||
+ | |||
+ | Then connect to it in a browser, using the address it outputs. For example. [[http:// | ||
+ | |||
+ | Click connect to a server, then click on ' | ||
+ | |||
+ | When you CLICK into an OU or group, your whole context changes. When you click "new Entry", | ||
+ | |||
+ | To move a user, go to Tree, view user, and click Rename on right side. Change superior DN to include the new OU info. | ||
==== Python Library ==== | ==== Python Library ==== | ||
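Review bot: In the web2ldap install block, `python3-venv` is installed with apt, but the next line runs `python3 -m pip install web2ldap` outside any virtual environment, so web2ldap and its dependencies are installed into the system or user site-packages. Either add the steps that create and activate a venv before the pip line, or drop `python3-venv` from the apt line and add `python3-pip`, which `python3 -m pip` needs on Debian when no venv is used. Two wording fixes in the same section: "To run, it, simply invoke" should be "To run it, simply invoke", and "For example." before the link should end in a comma or colon.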
Line 214: | Line 254: | ||
==== Java Library ==== | ==== Java Library ==== | ||
- | https:// | + | There is a Java library provided by the Apache Directory project: [[https:// |
Line 224: | Line 264: | ||
<code bash> | <code bash> | ||
- | # Pass a file | + | # Pass a file with `-f`. Use `-Y EXTERNAL` for server configs. |
ldapmodify -H ldapi:/// -Y EXTERNAL -f change.ldif | ldapmodify -H ldapi:/// -Y EXTERNAL -f change.ldif | ||
- | # Or bind using an admin account | + | # Or bind using an admin account |
ldapmodify -H ldapi:/// -f change.ldif -D cn=admin, | ldapmodify -H ldapi:/// -f change.ldif -D cn=admin, | ||
Line 263: | Line 303: | ||
objectClass: | objectClass: | ||
objectClass: | objectClass: | ||
- | userPassword: | + | # Salted SHA password provided by `slappasswd` |
- | = | + | userPassword: |
</ | </ | ||
- | If you need a hashed password to provide to the '' | ||
- | <code bash> | + | |
- | slappasswd | + | |
- | </ | + | |
==== Delete an OU ==== | ==== Delete an OU ==== | ||
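Review bot: The removed lines were the only place that showed how to invoke `slappasswd`. The new comment "Salted SHA password provided by slappasswd" names the tool, but a reader no longer sees the command to run. Keep the short `slappasswd` code block after the LDIF, or put the invocation in the comment itself. It is also worth stating next to `userPassword:` that the value must be replaced with the reader's own `slappasswd` output, not copied from the page.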
Line 288: | Line 325: | ||
==== Update TLS certificates ==== | ==== Update TLS certificates ==== | ||
+ | |||
+ | When updating the certificates, | ||
<code ldif update_certs.ldif> | <code ldif update_certs.ldif> | ||
+ | # If using `ldapmodify`, | ||
+ | # instead of `-W -D cn=admin, | ||
+ | # since it affects the server config directly | ||
dn: cn=config | dn: cn=config | ||
changetype: modify | changetype: modify |